Summary: | <net-libs/pjproject-2.10-r1: Multiple vulnerabilities (CVE-2020-{15260,21375}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | jaco, proxy-maint |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/19876 https://github.com/gentoo/gentoo/pull/19939 | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- |
Description
Sam James
2021-03-11 06:36:23 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=69e63f7c831f2a585cd34cb74a3f8bbff901f798

commit 69e63f7c831f2a585cd34cb74a3f8bbff901f798
Author: Jaco Kroon <jaco@uls.co.za>
AuthorDate: 2021-03-11 07:34:54 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-03-11 08:19:44 +0000

    net-libs/pjproject: security rev bump to 2.10-r1

    Upstream didn't release a new version as one would expect. Instead patches are applied locally.

    Also add subslot because they are equally good at maintaining ABI compatibility, and SONAME is never updated, thus we need to be able to depend on subslots to rebuild (preserved-rebuild is no good).

    Bug: https://bugs.gentoo.org/775359
    Bug: https://bugs.gentoo.org/775353
    Package-Manager: Portage-3.0.13, Repoman-3.0.2
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Closes: https://github.com/gentoo/gentoo/pull/19876
    Signed-off-by: Sam James <sam@gentoo.org>

 ...ct-2.10-CVE-2020-15260-tls-hostname-check.patch | 125 +++++++++++++++++++++
 ...-CVE-2021-21375-negotiation-failure-crash.patch | 45 ++++++++
 ...ion-between-transport-destroy-and-acquire.patch | 108 ++++++++++++++++++
 net-libs/pjproject/pjproject-2.10-r1.ebuild | 125 +++++++++++++++++++++
 4 files changed, 403 insertions(+)

Please stable when ready.

amd64 done

x86 done

all arches done

Please cleanup.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=627a5846c40c46660578365824ff1c3fedd161d0

commit 627a5846c40c46660578365824ff1c3fedd161d0
Author: Jaco Kroon <jaco@uls.co.za>
AuthorDate: 2021-03-15 19:20:05 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2021-03-15 19:20:05 +0000

    net-libs/pjproject: security cleanup

    Bug: https://bugs.gentoo.org/775359
    Package-Manager: Portage-3.0.13, Repoman-3.0.2
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Closes: https://github.com/gentoo/gentoo/pull/19939
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 net-libs/pjproject/Manifest | 2 -
 net-libs/pjproject/metadata.xml | 4 +-
 net-libs/pjproject/pjproject-2.10.ebuild | 123 ---------------------------
 net-libs/pjproject/pjproject-2.7.2-r2.ebuild | 117 -------------------------
 net-libs/pjproject/pjproject-2.9-r2.ebuild | 123 ---------------------------
 5 files changed, 2 insertions(+), 367 deletions(-)

Thanks!

Request filed

This issue was resolved and addressed in GLSA 202107-42 at https://security.gentoo.org/glsa/202107-42 by GLSA coordinator John Helmert III (ajak).